SOC L2
Capgemini
- Málaga
- Permanent
- Full time
- Advanced Analysis: Perform deeper and more detailed analysis of incidents, evaluating sophistication and potential impact compared to level 1
- Specialized Escalation: Handle incidents of greater complexity, escalating to higher levels and coordinating with specialized teams when necessary
- Forensic Investigation: Conduct forensic investigations to determine the root cause of incidents and collect evidence for possible legal action
- Signature and Rule Development: Create and update signatures, rules, and behavioral profiles in detection tools to improve accuracy and effectiveness
- Technical Advice: Provide technical advice to level 1 analysts, helping in the understanding and resolution of more complex incidents
- Tool Optimization: Collaborate in the improvement and optimization of security tools, proposing adjustments and updates to keep up with threats
- Critical Incident Management: Coordinate the response to critical incidents, ensuring efficient execution of mitigation and recovery plans
- Review of Security Policies: Evaluate and update security policies and procedures, ensuring their alignment with best practices and regulations
- Staff Training: Provide ongoing training to Tier 1 staff and other teams on new cybersecurity threats, tactics, and techniques
- Threat Intelligence Analysis: Integrate threat intelligence to improve the ability to detect and respond early to possible attacks
- Coordination with Internal Teams: Collaborate closely with internal teams, such as the risk management and compliance team, to address specific security aspects
- Development of Executive Reports: Prepare detailed executive reports on incidents, providing clear and concise information for decision making
- Continuous Process Improvement: Identify opportunities for improvement in incident response processes and contribute to their continuous evolution
- Vulnerability Analysis: Carry out vulnerability assessments to identify possible points of exposure and collaborate in their mitigation
- Participating in Advanced Drill Exercises: Engage in more advanced cybersecurity drills to test responsiveness and improve team readiness.
- Strong analytical and problem-solving skills
- Excellent written and verbal communication skills
- Knowledge of security best practices and concepts
- High ability to multi-task, prioritize, coordinate, work well under pressure and meet deadlines
- High-level understanding of TCP/IP protocol to detect and understand malicious traffic
- Experience in SIEM operation & tooling (IBM QRadar, Splunk, Microsoft Sentinel, Chronicle)
- Experience in EDR operation & tooling (MS Defender, Symantec, CrowdStrike Falcon, among others)
- Experience in Network components operation or general knowledge
- Experience in incident, problem management, and/or change management
- Knowledge of Operating Systems, Basic Scripting Skills
- Ability to communicate in writing and verbally in both Spanish and English
- Bachelor's degree in Cybersecurity, Networking, Information or a related field is not mandatory but is welcome
- Relevant industry certifications are not mandatory but are welcome:
- You will find a dynamic and inclusive work environment
- Participate in cutting-edge and innovative technological projects.
- Career plan and specialized training courses.
- Competitive salary according to candidate’s profile
- Restaurant tickets
- Childcare checks
- Medical and life insurance
- Become part of a responsible company committed to equal opportunities.
- An excellent work environment and team with whom to work side by side.
- Regular team and global events
- Steady job, you'll get a permanent contract from the first day onwards.
- Hybrid working model